← Back to CVE List
CVE-2021-25025
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt